The availability of ubiquitous, wireless internet access is a simple design goal in theory, yet its implementation in practice is replete with business considerations that need to be addressed with advanced technical solutions. In particular, the increased desire for people to access the internet from their own computers, where data resides locally, requires an entirely different approach from the simplistic “internet cafés” that have sprouted into existence globally in recent years. To this end, the industry has seen the emergence of various standards, including IEEE 802.11b, known to those in the industry as “Wi-Fi”. The reader is invited to consult http://www.wi-fi.org on the internet for further information on Wi-Fi as well as the Wi-Fi Alliance, a nonprofit international association formed in 1999 to certify interoperability of wireless Local Area Network products based on the IEEE 802.11 specification.
Since the emergence of the IEEE 802.11b specification in 1999, an increasing number of vendors have used this standard in producing Wi-Fi-compliant wireless LAN (WLAN) products. Pioneers of high-speed internet access have built WLAN “hotspots”, which are basically zones of public internet access. Since it is difficult for a single service provider to build an infrastructure that offers global access to its subscribers, roaming between service providers is essential for delivering global access to customers. Roaming allows enterprises and service providers to enhance their employee connectivity and service offerings by expanding their footprint to include network access at Wi-Fi-enabled hotspots.
In a roaming scenario, a wireless device (e.g. a laptop or PDA) moves to a hotspot not operated by its home access provider. It is here that registration of the device with the visited access provider and authorization of the access from the home access provider must take place. Conventional solutions require the user to supply their home login credentials to the visited access provider's authentication, authorization and accounting (AAA) server, and this visited AAA server then validates the user's home login credentials by interacting with the home access provider.
Disadvantageously, the visited AAA server thereby has complete access to the login information of roaming customers whose home access provider is a competitor of the visited access provider. This information can easily be abused. While clearly an issue amongst competing corporate entities providing internet access, this problem is expected to generate even greater concern as increasing numbers of smaller, independent enterprises begin to operate their own hotspots in the future, with few or no regulatory restrictions.
Against this background, there is a need to improve the security of the process by which a user having a business relationship with a home access provider obtains access to the Internet via a gateway operated by a visited access provider.